Police Tech & Gear

with Tim Dees

LAPD retreats from the cloud

Security measures inadequate for police email and documents

A little over a year ago, we reported the bold decision of the City of Los Angeles to move much of its internal communications and records structure to “the cloud,” namely, Google Apps. This decision portended what many viewed as a trend away from software and data residing on a local computer or server and toward storing this information on a distant, though accessible, server. That trend may still be valid, but not in Los Angeles. Well, now LAPD is going back to its old Novell email network.

Novell has been around a long time, predating widespread use of the Internet to the era where email systems were internal to the organization that owned them. You could send email to your coworker, but not your buddy from high school (unless he happened to be your coworker, of course). Novell systems are now rare because they are viewed by many as arcane. You can be expert in the mechanics of a typical corporate computer network, and be baffled by the mysteries of Novell. There is also some acclimation required for users switching to or from a Novell network, but most LAPD users have been on Novell for years and it’s familiar to them.

The primary reason LAPD cited for the move back to Novell was that the security structure of Google Apps didn’t meet the federally-mandated requirements LAPD is bound by. It’s not clear exactly where LAPD felt Google was short, but it’s interesting to note that a competing cloud-based service, Microsoft’s Office 365, lost customers in the European Union (EU) because of requirements in the PATRIOT Act. The PATRIOT Act mandates that the U.S. government have access to information stored on U.S.-based cloud servers. This didn’t sit well with some European governments and corporations who don’t believe the U.S. government has any business looking at their data. Microsoft has countered the PATRIOT Act problem with the Office 365 Trust Center, which presumably moves EU data to servers not located in the United States.

The City of Los Angeles moved much of its internal communications and records structure to “the cloud,” namely, Google Apps, in 2011. The PD is now going back to its old Novell email network because the security structure of Google Apps didn’t meet federally-mandated requirements. (AP Image)

Economically-Sound Model Moving your organization’s email and stored documents to a cloud server can save a lot of money. Companies offering cloud storage and applications maintain huge multiple server farms, usually dispersed widely to avoid a single point of failure in the event a disaster knocks one offline. Company A’s data might normally live on a Google server outside of The Dalles (Ore.), which is conveniently located adjacent to a hydroelectric dam (as these places have massive power requirements), and be backed up on another farm in Reston (Va.). If Godzilla steps on the facility in Oregon, operations automatically switch to Virginia. Users might not even notice.

Expensive as they are to build and run, it’s still cheaper to rent space on a server farm than it is to maintain your own, especially if the mission requires redundancy in the form of a duplicate data center to back up the first one.

The stories of data security breaches that seem to come up weekly might lead one to believe that security in the cloud is severely lacking. On the whole, this isn’t true. Banks and other financial services companies conduct most of their business electronically, and encourage their customers to do likewise, charging fees to visit a teller window or use paper checks instead of electronic payments. The problem, simply stated, is that any security system that an authorized person can access can be penetrated by an unauthorized person with the right information and enough time. Large organizations like Google can hire the top security people in the field and have them constantly inspecting and improving their security measures; the typical customer makes this a collateral duty of their IT guy.

Thin ClientsMoving data and applications to the cloud can save money on hardware, too. The conventional personal computer has to have storage in the form of a hard drive or solid-state drive to hold program code and data. When the organization needs to update software, it usually requires a tech to personally visit each machine or connect to it remotely to install the new programs.

If you have five computers, that’s an afternoon. If you have 500, that’s February and March. Computers that have no local storage and rely on a server for both programs and data are sometimes called “thin clients.” They don’t need hard drives, and since the software resides in one place, an upgrade is very fast. Thin clients were the Next Big Thing about ten years ago, but didn’t catch on. Now that network capacity and throughput has grown dramatically, the thin client’s day may come again.

About the author

Tim Dees is a writer, editor, trainer, and former law enforcement officer. After 15 years as a police officer with the Reno Police Department and elsewhere in Northern Nevada, Tim taught criminal justice as a full-time professor and instructor at colleges in Wisconsin, West Virginia, Georgia, and Oregon.

He was also a regional training coordinator for the Oregon Dept. of Public Safety Standards & Training, providing in-service training to 65 criminal justice agencies in central and eastern Oregon.

Tim has written more than 300 articles for nearly every national law enforcement publication in the United States, and is the author of The Truth About Cops, published by Hyperink Press. In 2005, Tim became the first editor-in-chief for Officer.com, moving to the same position for LawOfficer.com at the beginning of 2008. He now writes on applications of technology in law enforcement from his home in SE Washington state.

Tim holds a bachelor’s degree in biological science from San José State University, a master’s degree in criminal justice from The University of Alabama, and the Certified Protection Professional credential from ASIS International. He serves on the executive board of the Public Safety Writers Association.